{"id":"https://openalex.org/W7140714479","doi":"https://doi.org/10.48550/arxiv.2603.23801","title":"AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols","display_name":"AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols","publication_year":2026,"publication_date":"2026-03-25","ids":{"openalex":"https://openalex.org/W7140714479","doi":"https://doi.org/10.48550/arxiv.2603.23801"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.23801","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.23801","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.23801","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130698140","display_name":"Shenghan Zheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Zheng, Shenghan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5100708489","display_name":"Qifan Zhang","orcid":"https://orcid.org/0000-0002-9278-9576"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Qifan","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5130698140"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.28060001134872437,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.28060001134872437,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.24799999594688416,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.1363999992609024,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.61080002784729},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.6057000160217285},{"id":"https://openalex.org/keywords/universal-composability","display_name":"Universal composability","score":0.5789999961853027},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5595999956130981},{"id":"https://openalex.org/keywords/interaction-protocol","display_name":"Interaction protocol","score":0.49970000982284546},{"id":"https://openalex.org/keywords/delegate","display_name":"Delegate","score":0.4927999973297119},{"id":"https://openalex.org/keywords/formal-methods","display_name":"Formal methods","score":0.43560001254081726},{"id":"https://openalex.org/keywords/formal-verification","display_name":"Formal verification","score":0.4339999854564667},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.3831000030040741}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.809499979019165},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.61080002784729},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.6057000160217285},{"id":"https://openalex.org/C165751822","wikidata":"https://www.wikidata.org/wiki/Q7894118","display_name":"Universal composability","level":4,"score":0.5789999961853027},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5595999956130981},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5353999733924866},{"id":"https://openalex.org/C2775851571","wikidata":"https://www.wikidata.org/wiki/Q6045205","display_name":"Interaction protocol","level":3,"score":0.49970000982284546},{"id":"https://openalex.org/C143273055","wikidata":"https://www.wikidata.org/wiki/Q2382794","display_name":"Delegate","level":2,"score":0.4927999973297119},{"id":"https://openalex.org/C75606506","wikidata":"https://www.wikidata.org/wiki/Q1049183","display_name":"Formal methods","level":2,"score":0.43560001254081726},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.4339999854564667},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.3831000030040741},{"id":"https://openalex.org/C116253237","wikidata":"https://www.wikidata.org/wiki/Q1437424","display_name":"Formal specification","level":2,"score":0.3743000030517578},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3725999891757965},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.35359999537467957},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3515999913215637},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.30959999561309814},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.2953000068664551},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.2874999940395355},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.28299999237060547},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.27410000562667847},{"id":"https://openalex.org/C75114861","wikidata":"https://www.wikidata.org/wiki/Q594324","display_name":"General Inter-ORB Protocol","level":5,"score":0.2709999978542328},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.26919999718666077},{"id":"https://openalex.org/C168535184","wikidata":"https://www.wikidata.org/wiki/Q93312","display_name":"OSI model","level":3,"score":0.26489999890327454},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.2533000111579895}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.23801","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.23801","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.23801","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.23801","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6224091649055481}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"AI":[0],"agent":[1,61,200],"protocols":[2,41,165,169,201],"--":[3,10,68],"including":[4],"MCP,":[5],"A2A,":[6],"ANP,":[7],"and":[8,19,135,212],"ACP":[9],"enable":[11],"autonomous":[12],"agents":[13],"to":[14,70,149,198],"discover":[15],"capabilities,":[16],"delegate":[17],"tasks,":[18],"compose":[20],"services":[21],"across":[22],"trust":[23],"boundaries.":[24],"Despite":[25],"massive":[26],"deployment":[27],"(MCP":[28],"alone":[29],"has":[30],"97M+":[31],"monthly":[32],"SDK":[33,147],"downloads),":[34],"no":[35],"systematic":[36],"security":[37,83,105,159],"framework":[38],"for":[39,73,163],"these":[40],"exists.":[42],"We":[43,152,175],"present":[44],"three":[45],"contributions.":[46],"First,":[47],"the":[48,74,78,130,154,228],"Agent":[49],"Protocol":[50],"Stack,":[51],"a":[52,59,92,109,121],"6-layer":[53],"architectural":[54],"model":[55],"that":[56,99,113,161,190],"defines":[57],"what":[58],"complete":[60,229],"protocol":[62,101,118,183,192],"must":[63],"specify":[64],"at":[65],"each":[66,89],"layer":[67],"analogous":[69],"ITU-T":[71],"X.800":[72],"OSI":[75],"stack.":[76],"Second,":[77],"Agent-Agnostic":[79],"Security":[80],"Model,":[81],"11":[82],"principles":[84],"formalized":[85],"as":[86],"TLA+":[87,133],"invariants,":[88,140],"tagged":[90],"with":[91,124,178],"property":[93],"taxonomy":[94],"(spec-mandated,":[95],"spec-recommended,":[96],"aasm-hardening,":[97],"aps-completeness)":[98],"distinguishes":[100],"non-conformance":[102],"from":[103,117],"framework-imposed":[104],"requirements.":[106],"Third,":[107],"AgentConform,":[108],"two-phase":[110],"conformance":[111],"checker":[112],"(i)extracts":[114],"normative":[115],"clauses":[116],"specifications":[119],"into":[120,132],"typed":[122],"Protocol~IR":[123],"explicit":[125],"Protocol/Environment/Adversary":[126],"action":[127],"separation,":[128],"(ii)compiles":[129],"IR":[131],"models":[134,180],"model-checks":[136],"them":[137],"against":[138,145],"AASM":[139],"then":[141],"(iii)replays":[142],"counterexample":[143],"traces":[144],"live":[146],"implementations":[148],"confirm":[150],"findings.":[151],"introduce":[153],"Composition":[155],"Safety":[156],"(CS)":[157],"principle:":[158],"properties":[160],"hold":[162],"individual":[164,191],"can":[166],"break":[167],"when":[168],"are":[170,217],"composed":[171],"through":[172],"shared":[173],"infrastructure.":[174],"demonstrate":[176],"this":[177],"formal":[179],"of":[181],"five":[182],"composition":[184,213],"patterns,":[185],"revealing":[186],"cross-protocol":[187],"design":[188],"gaps":[189,204],"analysis":[193],"cannot":[194],"detect.":[195],"Preliminary":[196],"application":[197],"representative":[199],"reveals":[202],"recurrent":[203],"in":[205,227],"credential":[206],"lifecycle,":[207],"consent":[208],"enforcement,":[209],"audit":[210],"completeness,":[211],"safety.":[214],"Some":[215],"findings":[216],"under":[218],"coordinated":[219],"disclosure;":[220],"full":[221],"evaluation":[222],"details":[223],"will":[224],"be":[225],"released":[226],"version.":[230]},"counts_by_year":[],"updated_date":"2026-03-27T06:05:27.210665","created_date":"2026-03-27T00:00:00"}